环境配置
主DNS——linux1:192.168.10.100
从DNS——linux2:192.168.10.101
客户机——Client:192.168.10.200
linux1-2安装DNS服务:yum install bind* -y
主DNS配置
编辑主DNS配置文件:
[root@linux1 ~]# vi /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; }; //将127.0.0.1改为any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; }; //将localhost改为any(仅适合实验环境;生产环境建议只放行内网网段,如 192.168.10.0/24,并用 allow-recursion 限制递归,避免成为开放递归解析器)
...
}
[root@linux1 ~]#
编辑主DNS区域文件:
[root@linux1 ~]# vi /etc/named.rfc1912.zones
#在文件末尾添加正反向解析区域(zone)的定义
...
zone "cetrp.com" IN {
type master; #类型为主DNS
file "cetrp.zone"; #正向解析文件名
allow-update { 192.168.10.101; }; #允许该主机对本区域做动态更新(RFC 2136),即授予其写权限;从DNS拉取区域传送由 allow-transfer 控制,通常应改用 allow-transfer { 192.168.10.101; };
};
zone "10.168.192.in-addr.arpa" IN {
type master; #类型为主DNS
file "10.zone"; #反向解析文件名
allow-update { 192.168.10.101; }; #允许该主机对本区域做动态更新(写权限);从DNS的区域传送应由 allow-transfer 限制
};
...
[root@linux1 ~]#
创建主DNS正反向文件:
[root@linux1 ~]# cd /var/named/
[root@linux1 named]# ls
chroot data dynamic dyndb-ldap named.ca named.empty named.localhost named.loopback slaves
[root@linux1 named]# cp named.localhost cetrp.zone
[root@linux1 named]# cp named.localhost 10.zone
[root@linux1 named]# ls -l cetrp.zone 10.zone
-rw-r-----. 1 root root 152 May 2 01:02 10.zone
-rw-r-----. 1 root root 152 May 2 01:02 cetrp.zone
[root@linux1 named]# chown named cetrp.zone 10.zone
[root@linux1 named]# ls -l cetrp.zone 10.zone
-rw-r-----. 1 named root 152 May 2 01:02 10.zone
-rw-r-----. 1 named root 152 May 2 01:02 cetrp.zone
[root@linux1 named]#
主DNS正向解析文件配置:
[root@linux1 named]# vi cetrp.zone
$TTL 1D
@ IN SOA ns.cetrp.com. root.cetrp.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS ns.cetrp.com.
ns IN A 192.168.10.100
www IN A 192.168.10.101
[root@linux1 named]#
主DNS反向解析文件配置:
[root@linux1 named]# vi 10.zone
$TTL 1D
@ IN SOA ns.cetrp.com. root.cetrp.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS ns.cetrp.com.
100 IN PTR ns.cetrp.com.
101 IN PTR www.cetrp.com.
[root@linux1 named]#
启动主DNS服务:
[root@linux1 ~]# firewall-cmd --permanent --add-port=53/udp
[root@linux1 ~]# firewall-cmd --permanent --add-port=53/tcp
[root@linux1 ~]# firewall-cmd --reload
[root@linux1 ~]# systemctl start named
[root@linux1 ~]# systemctl enable named
主DNS自测:
[root@linux1 ~]# vi /etc/resolv.conf
nameserver 192.168.10.100
nameserver 192.168.10.101
[root@linux1 ~]#
[root@linux1 ~]# nslookup ns.cetrp.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns.cetrp.com
Address: 192.168.10.100
[root@linux1 ~]# nslookup 192.168.10.100
100.10.168.192.in-addr.arpa name = ns.cetrp.com.
[root@linux1 ~]#
从DNS配置:
编辑从DNS配置文件:
[root@linux2 ~]# cat /etc/named.conf
...
options {
listen-on port 53 { 127.0.0.1; }; #改为any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; }; #改为any(仅适合实验环境;本机 recursion yes,生产环境应将 allow-query 与 allow-recursion 限制为内网网段,如 192.168.10.0/24,避免成为开放递归解析器)
...
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
masterfile-format text; #指定下载的解析文件格式(不指定会乱码)
forwarders { 192.168.10.100; }; #全局转发主DNS
};
...
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@linux2 ~]#
编辑从DNS区域文件:
[root@linux2 ~]# vi /etc/named.rfc1912.zones
...
zone "cetrp.com" IN {
type slave; #从模式
file "slaves/cetrp.zone"; #正向解析文件路径
masters { 192.168.10.100; }; #主DNS地址
};
zone "10.168.192.in-addr.arpa" IN {
type slave; #从模式
file "slaves/10.zone"; #反向解析文件路径
masters { 192.168.10.100; }; #主DNS地址
};
[root@linux2 ~]#
启动从DNS服务:
[root@linux2 ~]# firewall-cmd --permanent --add-port=53/udp
#建议与主DNS一样同时放行 53/tcp,以支持客户端的 TCP 回退查询
[root@linux2 ~]# firewall-cmd --reload
[root@linux2 ~]# systemctl start named
[root@linux2 ~]# systemctl enable named
从DNS自测
[root@linux1 ~]# vi /etc/resolv.conf
nameserver 192.168.10.100
nameserver 192.168.10.101
[root@linux1 ~]#
[root@linux2 ~]# ls /var/named/slaves/ #查看从DNS正反向文件
10.zone cetrp.zone #必须要有这两个文件(由主DNS下载而来),只要配置文件正确能正常启动从DNS就会自动下载
[root@linux2 ~]#
[root@linux2 ~]# nslookup www.cetrp.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.cetrp.com
Address: 192.168.10.101
[root@linux2 ~]# nslookup 192.168.10.101
101.10.168.192.in-addr.arpa name = www.cetrp.com.
[root@linux2 ~]#